> > I agree that Security is maybe too generic, but it generally refers to
> > Authentication and Authorization Services in the Java Server world.
> > So I would favor:
> > 1. Apache Security Framework
> > or
> > 2. Apache Authentication and Authorization Framework
> With that said I think I'm a tiny bit partial to #1 though just because
> it gives you room to grow the API to handle ancillary things that
> facilitate AAA but may not necessarily be central to performing AAA.
Perhaps, but it also implies to be "the" Apache Security Framework, and that
might not be appropriate. Don't forget that we already have the J2EE roles
support already in Tomcat, for example. And we have WS-Security related
code elsewhere. Do we have reason to believe that we'd subsume all of our
Java security related infrastructure?
Looking at http://wiki.apache.org/directory/JanusHome, and thinking
generally, I wonder if Credential Framework might be good. I do find the
whole thing exciting, and suggest that we make sure that the JetSpeed folks
know about it, as well as others.
--- Noel